Abstract (Basic): US 5412730 A

The method provides a seed value to both the transmitter and
receiver, which is followed by generating a first sequence of
pseudo-random key values based on the seed value at the transmitter.
Each new key value in the sequence is produced at a time dependent upon
a set characteristic of the data being transmitted over the link.

The method also entails encrypting the data sent over the link at
the transmitter in accordance with the first sequence. A second
sequence of pseudo-random key values is then generated which is based
on the seed value at the receiver. Each new key value in the
sequence is produced at a time dependent upon the set characteristic of
the data transmitted over the link.

USE/ADVANTAGE - In transmitting data with clear text data and
cipher text used unique key value. Improved flexibility and security.

Dwg.1/4

Title Terms: ENCRYPTION; DATA; TRANSMISSION; SYSTEM; CONTAIN; FACILITY;
RANDOM; ALTER; ENCRYPTION; KEY; KEY; MEMORY; PERMIT; UNIQUE; SERIAL;
NUMBER; IDENTIFY; REMOTE; UNIT; STORAGE; CURRENT; ENCRYPTION; KEY;
VALUE
Derwent Class: W01 

International Patent Class (Main) : H04L-009/00 

File Segment: EPI 



12/5/13 (Item 13 from file: 350) 

DIALOG (R) File 350: Derwent WPIX 

(c) 2004 Thomson Derwent. All rts. reserv. 



009942464 **Image available** 
WPI Acc No: 1994-210177/199426 

Related WPI Acc No: 1993-281861; 1993-344999; 1994-110856; 1994-134066 

XRPX Acc No: N94-165528 

Authentication method for terminal in mobile communications system - 
enciphers copy of terminal key used to authenticate initial service 
request and stores it in terminal to authenticate subsequent requests 

The authentication method uses a communication processor (20) which
retrieves a cipher key (Ka) from memory (30) for a terminal (10)
making an initial service request. It enciphers the key with its own
key (Kb) and transmits the result and a random number (Y1) to the
terminal for respective storage and enciphering.

The enciphered random number is transmitted to the processing
unit, which authenticates it with the retrieved key (Ka). For
subsequent service requests, the terminal transmits a corresp. mode
signal and the stored enciphered key. The processing unit transmits
a second random number (Y2) to the terminal for enciphering and
deciphers the enciphered key to authenticate the response.

USE/ADVANTAGE - Esp. for mobile telecommunications system.
Authentication processing time of service requests subsequent to
initial service request minimised.

Abstract (Basic): WO 9310509 A

Data from the issuer of a smart card at a remote location
establishes a communication link between the terminal and the issuer's
secure computer and a smart card reader/writer. The issuer and retailer
identify each other and a session key is established to encipher the
data between the issuer and retailer and writing from the issuer's
computer to the customer smart card.

Personalisation establishes a second session key to encipher
data traffic between the data terminal and the issuer's computer. The
issuer (2) is the organisation which provides goods or services and is
responsible for the system as a whole such as a bank or
telecommunications operator. The retailer (3) represents the issuer and
the customer (4) is the end user.

ADVANTAGE - Secure communication of personal, financial and other
information using PIN unblocking keys.

Continuous cipher sync, for digital cellular communication - generating
pseudo random key stream from multi-bit counter for combination with
data and providing continuous updates to transmitter counter

Abstract (Basic): EP 446194 A

A first pseudo-random key stream of bits is generated in
accordance with an algorithm that is a function of a multi-bit digital
value contained in a first register. The value in the register is
incremented at regular periodic intervals to vary the pattern of bits
in the key stream. The bits of the key stream are combined with a
stream of data bits carrying communications information to
cryptographically encode the data and the encoded data is transmitted
to a receiver. Also transmitted to the receiver at regular
periodic intervals and interspersed with the transmission of encoded
data is the value contained in the register, a second pseudo-random
key stream of bits is generated in accordance with the algorithm
which is the function of a multi-bit digital value contained in a
second register.

The value in the second register is incremented at the same
intervals as the first register to vary the pattern of bits in the
second stream in an identical fashion to the pattern in the first
stream. The bits of the second stream are combined with the received
stream of encoded data to decode the data into the communications
information. The value contained in the second register is periodically
compared with the received value of the first register to determine
whether the two values match for corresponding moments of time and
whether the first and second key streams are in synchronism with
one another.

ADVANTAGE - Prevents accumulation of errors by providing
continuous or very frequent updates to reset receiver counter and to
resynchronise system without necessity of reinitialisation and
repetition of intervening clock pulses.

Abstract (Basic): EP 385511 A

A system includes a common file for storing public information in a
position indicated by the receiving party identifying information. A
transmitting subsystem is capable of reading the common file,
generating random numbers and a cipher key, and storing secret
information. The subsystem also generates a key distribution code and
transmits this code together with information identifying the
communicating party.

A receiving subsystem receives the key distributing code and
identifies information, stores a constant and secret information and
generates the same cipher key as the transmitting subsystem.

USE/ADVANTAGE - For one way communication system. Avoids excessive
overheads and improves security.

Data communication apparatus using data carrier - uses session key
generated from random number forming appts. ciphered using master
key, in external unit
Patent Assignee: MATSUSHITA ELEC IND CO LTD (MATU)
Inventor: ITO M; TAKAGI N; TSUJI T 
Number of Countries: 002 Number of Patents: 005 
Patent Family:

Patent No      Kind  Date      Applicat No    Kind  Date      Week
WO 9009009     A     19900809                                 199034
EP 422230      A     19910417  EP 90902392    A     19900124  199116
US 5227613     A     19930713  WO 90JP78      A     19900124  199329
                               US 90582172    A     19901120
KR 9305572     B1    19930623  WO 90JP78      A     19900124  199425
                               KR 90702115    A     19900924
EP 422230      A4    19960703  EP 90902392    A     19900000  199644

Priority Applications (No Type Date): JP 8915336 A 19890124; JP 8915329 A 
19890124 

Cited Patents: JP 60062252; JP 62189593; JP 62191991; JP 63050222; JP 
63131169; JP 63219244; EP 114368; EP 128672; EP 138219; EP 147337; EP 
166541; EP 281059; EP 284133; EP 292249; EP 305004; EP 55986; FR 2536928 

Patent Details:

Patent No    Kind  Lan  Pg  Main IPC      Filing Notes
US 5227613   A          18  H04L-009/12   Based on patent WO 9009009
KR 9305572   B1             G06K-019/073

Abstract (Basic): WO 9009009 A

To prevent eavesdropping of data from the communication wire, a
session key (r1) generated from a random number forming device (15)
is ciphered (16) using a master key (km) and is sent to an external
unit. Further, a cryptogram input from an external unit is decoded (17)
using a session key (r1) generated from the random number forming
device (15). (50pp Dwg. No. 2/11)

Title Terms: DATA; COMMUNICATE; APPARATUS; DATA; CARRY; SESSION; KEY;
GENERATE; RANDOM; NUMBER; FORMING; APPARATUS; MASTER; KEY; EXTERNAL;
UNIT

Derwent Class: P85; T04; W01; W02

International Patent Class (Main): G06K-019/073; H04L-009/12
International Patent Class (Additional): G06K-017/00; G06K-019/07;
G09C-001/00
File Segment: EPI; EngPI



12/5/18 (Item 18 from file: 350) 




008332139 **Image available** 

WPI Acc No: 1990-219140/199029 

XRPX Acc No: N90-170043 

Certification system for IC card memory - sends random number, 
encryption algorithm selector and key data between terminal and card to 
certify terminal 

Abstract (Basic): GB 2227111 A

The certification system includes an electronic device with at
least one key data. A second electronic device is capable of
performing communication with the first electronic device. The first
data and designation data for designating key data for encrypting the
first data is transmitted from the second electronic device to the
first electronic device.

When the first data and the designation data are received by the
first electronic device, one key data from the at least one key data in
accordance with the received designation data is selected and the
received first data is encrypted by using the selected key data.
Part of the encrypted data is transmitted to the second electronic
device after the first data is entirely received by the first
electronic device.

USE - For IC cards using erasable non-volatile and control
element.

Abstract (Basic): EP 266044 A

A security system for authenticating a potential user of a service
has a first unit associated with the service and a second unit
associated with the user. Each unit communicates with the other through
a communication medium. Each unit includes a memory, at least one of
the units including a memory module and having stored groups of random
numbers. The numbers of each group are logically associated as a group
at a logical address. The random numbers and associated addresses in
the memory of the first unit are identical to those of the memory of
the second unit.

The first unit has a control circuit to extract from the memory one
of the random numbers to communicate the number to the second unit,
compare a received signal from the second unit with another of the
random numbers, and to provide authentication of the user only upon
the match of the received signal with the other random numbers. In
each subsequent cycle of operation it extracts one of the random
numbers from a different group. The second unit includes a control
circuit arranged on receipt from the first unit of the random numbers
to extract from its memory another random number of the group.

USE/ADVANTAGE - For encryption, authentication, identification
and/or digital signature. Allows encryption keys to be exchanged or
transferred in any open communications environment (e.g. telephone,
radio, etc.) without providing any information that attacker could use
to discover keys, accommodates very rapid (less than one second) key
changes at any time during established session.

Abstract (Basic): EP 257585 A

The key distribution method comprises generating a random number
in one system and generating key distribution information in the system
by applying a predetermined transformation to the random number on the
basis of secret information known only by the system. The information
is transmitted to a further system via a communication channel and is
received in the second system, where another random number is
generated.

Further key distribution information is generated by applying the
first transformation to the second random number on the basis of
secret information known only by the second system. The information is
transmitted to the first system. An enciphering key is generated by
applying a predetermined transformation to the information on the basis
of the first random number and ID information of the non-secret
further information.

Abstract (Basic): EP 197392 B

A session key is valid only for the duration of a single
cryptographic session. Each node has a local cryptographic facility
including a predetermined cross-domain key and an attribute associated
with the other node/user identity.

A random number is generated and encrypted under the
cross-domain key. The encrypted number is copied to the other node.
Any received encrypted random number from the other node is
decrypted under the cross-domain key. A parameter is formed by
combining the attributes derived or associated with the identities of
both nodes/users. An interim key is formed from the composite of the
local and received random numbers. The parameter is combined with
the interim key to produce the session key.

ADVANTAGE - Reduces vulnerability to both playback and password
attack. (20pp Dwg.No.2/4)

Abstract (Basic): EP 155762 A

A scrambled signal is received together with an encrypted key
signal, a key generation number and an address for accessing a
predetermined area in a memory. A circuit provides a subscriber key
generation signal that is unique to the descrambler. A generator
reproduces the unique subscriber key signal by processing the
subscriber key generation signal in accordance with a predetermined
encryption algorithm, the algorithm being keyed by a prescribed
subscriber key seed signal unique to the descrambler.

A memory stores the prescribed subscriber key seed signal and
provides it to key the algorithm when the memory is accessed by the
address received with the key generation number. A circuit accesses
the memory with the address reserved with the key generation number.

USE/ADVANTAGE - For e.g. controlling distribution of scrambled
signals in television subscription system. Has reduced probability
of unauthorised ascertainment and use of key signal.

Abstract (Basic): US 4434322 A

The information-containing data to be transmitted is applied to a
modulo-two adder, the output of which is the encoded data for
transmission and which is also an input of an n stage shift register.
An arbitrary logic network, having several inputs each connected to
several selected shift register stages, produces a particular key
signal responsive to the condition of the contents of the selected
shift register stages. At the receiver, the received randomized
data is fed simultaneously to the input of an n stage shift register
and to an input of a modulo-two adder.

An identical arbitrary logic network is connected to the receiver
shift register and produces the same particular key signal responsive
to the same conditions in the shift register. The modulo-two adder in
the receiver has as its second input the key signal. The use of
the scrambler/encryption circuitry may be for other applications,
i.e. rendering tamperproof recorded information, e.g. audio recording,
and checking the operation of high speed shift registers.

ABSTRACT

PROBLEM TO BE SOLVED: To provide an information distribution system capable
of preventing unauthorized copying.

ABSTRACT

PROBLEM TO BE SOLVED: To provide a key sharing technology for connecting
safe enciphered communication path by using a public key cryptograph
between arbitrary devices.

SOLUTION: In a key sharing system having a first device and a second
device, public key certificates are exchanged, and a first device
generates a first random number, and generates first data by enciphering
the first random number with the public key of a second device, and
transmits the first data to a second device. The second device acquires
the first random number, by decoding the first data with the secret key
of the second device, and generates a second random number, generates
a session key from the first random number and the second random
number, generates second data by enciphering the generated second
random number with the public key of the first device, and transmits
the second data to the first device. The first device acquires the second
random number, by decoding the received second data with the secret key
of the first device, and generates a session key from the second
random number and the first random number.

COPYRIGHT: (C) 2003, JPO 



12/5/26 (Item 26 from file: 347) 

DIALOG (R) File 347:JAPIO 

(c) 2004 JPO & JAPIO. All rts. reserv. 

07349399 **Image available** 
METHOD OF FINDING REPLICATED TERMINAL 



PUB. NO.:      2002-217890 [JP 2002217890 A]
PUBLISHED:     August 02, 2002 (20020802)
INVENTOR(s):   MATSUZAKI NATSUME
               ANZAI JUN
               MATSUMOTO TSUTOMU
APPLICANT(s):  ADVANCED MOBILE TELECOMMUNICATIONS SECURITY TECHNOLOGY
               RESEARCH LAB CO LTD
APPL. NO.:     2001-013250 [JP 200113250]
FILED:         January 22, 2001 (20010122)
INTL CLASS:    H04L-009/08; G09C-001/00; H04L-009/32



ABSTRACT 

PROBLEM TO BE SOLVED: To automatically find and exclude a replicated
terminal in a communication system consisting of a center and a plurality
of terminals.

SOLUTION: The center and a plurality of the terminals are connected through
a communication network for ciphering communication with individual group
keys. The center sends challenge information, in the case of delivering
a new group key to the terminals. Each of the terminals sends
response information obtained by ciphering terminal ID and a terminal
random number to a center public key to the center, which retrieves a
communication log to inspect the presence/absence of terminals, having the
same terminal ID and different terminal random numbers. If there are
corresponding terminals, it is determined that the replicated terminal
exists, and the session key is not delivered. Since a random number
generated by an original terminal is difficult to replicate, the replicated
terminal cannot generate the same random number, so that the existence of
the replicated terminal can be detected. When the replicated terminal is
found, the multi-address communication of exclusion information that this
has been excluded is performed, to deliver the same group keys to
unchecked terminals.

ABSTRACT

PROBLEM TO BE SOLVED: To automatically find and exclude a replicated
terminal in a communication system, consisting of a center and a plurality
of terminals.

SOLUTION: The center and a plurality of the terminals are connected through
a communication network for ciphering communication with individual
session keys. The center sends challenge information in the case of
delivering a new session key to the terminals. Each of the terminals
sends response information obtained by ciphering terminal ID and a
terminal random number to a center public key to the center, which
retrieves a communication log and inspects the presence/absence of
terminals, having the same terminal ID and different terminal random
numbers. If corresponding terminals exist, it decides that the replicated
terminal exists, and the session key will not be delivered. Since a random
number generated by an original terminal is difficult to replicate, the
replicated terminals cannot generate the same random number. Thus, the
existence of the replicated terminal can be detected.

ABSTRACT

PROBLEM TO BE SOLVED: To enable the utilization of encrypted information
in devices exclusive of a device to which the information is supplied while
preventing the illicit utilization thereof by executing mutual
authentication with an information memory medium, encrypting a first key
with a second key and recording the encrypted information and the
encrypted first key to the memory medium.

SOLUTION: An encryption section 15 reads a key for movement out of the
memory section 21 of an IC card 4, again encrypts the decrypted content
key with the key for movement and records the key on an optical disk 5.
When the ID read out of the ID memory section 23 of the IC card 4 is
decided to be not registered in an ID identification section 18 and is
decided to be not mutually authenticated with the IC card 4, the ID
identification section 18 or a mutual authentication section 17 executes
prescribed error processing. The mutual authentication section 17 decrypts
received random numbers with the previously stored common key and if
the random numbers coincide with the random numbers before the
encryption, the IC card 4 is authenticated as the correct IC card.

ABSTRACT

PROBLEM TO BE SOLVED: To allow a specific subscriber to be authenticated
for receiving the service of a plurality of communication enterprises
(so-called roaming) by sending a ciphered signal from a 1st
communication network and using a tentative authentication key in a 2nd
communication network so as to authenticate the subscriber based on a
signal resulting from decoding the ciphered signal by the subscriber.

SOLUTION: A 2nd network receiving an identification number ID from a
subscriber 300 sends the ID to a 1st network (S202). The 1st network
generates a tentative authentication key Kt and sends an authentication
signal ciphered by issuing an authentication key K13 shared in common
among subscribers 300 to the 2nd network (S203). The 2nd network generates
a random number and sends the random number and the authentication
number to the subscriber 300 (S204). The subscriber 300 uses the
authentication key K13 to decode a tentative authentication key Kt and
ciphers the random number to generate an authentication reply signal
and returns the authentication reply signal to the 2nd network (S205). The
2nd network collates the authentication reply signal with the value
resulting from ciphering the random number and authenticates the
subscriber 300 to be a regular subscriber when they are coincident.

ABSTRACT

disable a theft or illegal use of a secret key by
that the secret key cannot be decoded by the pass
and a remaining part of a decoding key is not in

SOLUTION: When the user uses a secret key, the user inputs the pass phrase
to its own computer and uses a public key of an opposite party to cipher
a text and sends the resulting text. The opposite party receiving it
returns a random number having received and stored at the end of a
preceding communication. The user synthesizes a 1st scramble key from the
both to decode the stored secret key and to acquire the secret key not
ciphered. The user computer generates a 2nd random number and a 2nd
scramble key based on it and the pass phrase, ciphers again the secret
key and stores the result. Furthermore, the 2nd random number is
ciphered and sent for the use of the succeeding communication and it is
deleted with the 2nd scramble key from its own computer. Thus, every
time a secret key, it is stored while being changed into another form.

ABSTRACT

PURPOSE: To secure the privacy of a certification key shared with a mobile
subscriber by performing certification corresponding to a signal receiving
and ciphering a temporary certification key from a second mobile
communication network in the case of subscriber certification for roaming.

CONSTITUTION: When a mobile subscriber 30 moves from a first mobile
communication network to a second mobile communication network 20, an
identification number ID is transmitted for getting subscriber
certification. The second network sends this ID and a set certification
key K12 to the first network 10, and the first network returns a
certification key K13 ciphered by the K12 to the second network in place
of directly sending the certification key K12 shared with the subscriber
30. The second network 20 stores the K13, sends a random value to the
subscriber 30, collates the random number value provided by restoring a
certification response signal ciphered by the K13 by using the K12 and
certifies the identity of the subscriber by the coincidence. Thus, since
the certification key K13 is used only for ciphering, the privacy can be
secured.

ABSTRACT

PURPOSE: To facilitate the confidential communication by enciphering an
identifier by a first cipher key from a receiving terminal and
transmitting it to a transmitting terminal, enciphering transmitting
document information by a second cipher key in the transmitting
terminal and transmitting it to the receiving terminal.

CONSTITUTION: A cipher part 9 is provided with an enciphering circuit
13, a decoding circuit 14, a cipher key generating/managing circuit 15,
and a pseudo random digit generating/managing circuit 16. In this state,
a random digit generated by a transmitting terminal is transmitted to
a receiving terminal and based on its random digit, the same first
cipher key is generated by both the transmitting and the receiving
terminals, and identifier information of the receiving terminal is
enciphered by a first cipher key and transmitted to the transmitting
terminal. In the transmitting terminal, an identifier of the receiving
terminal is decoded by using a first cipher key and a format is
inspected, and thereafter, by displaying it on a display part 11, a
transmitting terminal user certifies the receiving terminal to be the
other proper party. Also, as for document information sent by a facsimile,
based on the random digit and the identification number of the receiving
side, a second cipher key is generated, and encipherment/decoding
are executed by using it by the transmitting side/receiving side,
respectively. In such a way, tapping is prevented.

ABSTRACT

PURPOSE: To enhance the security against the interception by a 3rd party by
generating a common key to a master station and each slave station at every
slave station, allowing the master station to use the common key and
enciphering a random number so as to send the result to each slave
station.

CONSTITUTION: A random number generator 12 generates random numbers Xk,
R and a power calculation circuit 13 applies power calculation in
obtaining, e.g., common keys KA, KB. The master station generates a key Yc
from a secret key Xk generated from a random number, sends it to each
slave station and keys KA, KB are generated from keys Y(sub 1), Y(sub 2)
based on the secret keys XA, XB of each slave station. The slave station
uses the key Yc to generate new keys KA, KB and the master station uses
the common keys KA, KB with each slave station to encrypt the random
number R and sends the result to each slave station. Each slave station
decodes the random number R to use the random number R as the common
key of each slave station. Thus, the possibility of the random number R
decoded by an intercepting personnel is decreased.

ABSTRACT

PURPOSE: To eliminate the need for additional registration of a new key
by scrambling a random number, encoding and decoding data depending on
an opposite terminal device address and the storage content of a storage
means in an encoding device distributing a key for encoding.

CONSTITUTION: A multiplexer 102 gives (i, j) as the result of arrangement
of an opposite side terminal address (j) and an own terminal address (i) of
an address memory 103 as a bit pattern to an exclusive OR element 104 to
form (i, j) + MK = Kij to a master key MK of a memory 105. A scrambler 106
transmits the result scrambling the random RN generated by a random
number generator 101 by using a bit pattern Kij as a key to an opposite
terminal device. Moreover, an encoder/decoder 107 encodes or decodes the
data by using the random number RN as a key. Thus, the output of the
scrambler 106 and the encoder/decoder 107 is obtained externally.

Abstract (Basic): WO 200184766 A2

NOVELTY - Each party has a secret, unique, randomly assigned
value y. The sender and receiver engage in a handshake, and the
sending party is given the y value of the receiving party. A key is
then generated randomly and used by the sending party to encrypt
a byte of information to be sent.

DETAILED DESCRIPTION - A new key is generated for every byte to
be encrypted. The resulting ciphertext is a combination of the
output of a function F and a function P. F is a function of plaintext
and the key. P is a function of the plain text and the y value of the
receiving party. The y values and keys are not readily apparent to
users. An INDEPENDENT CLAIM is included for a system and a computer
program product.

USE - For encrypting and decrypting information e.g. electronic
mail.

ADVANTAGE - Minimizes likelihood of key management problems e.g.
loss or compromise of keys.

DESCRIPTION OF DRAWING(S) - The drawing shows a flow diagram of the
method.

Information processing method for processing information on an
encryption basis for digital recording media eg. Digital versatile disc

Abstract (Basic): EP 977107 A2

NOVELTY - A data processing unit (41) stores and retrieves an
intermediate key, in response to an identifier transmitted from an
audio or video reproduction device, and decides whether or not the
retrieved intermediate key and a second intermediate key are
equal to each other.

DETAILED DESCRIPTION - A data processing apparatus (41) generates
an intermediate key in response to a random number key, and stores
the intermediate key in connection with an identifier. A combination of
the identifier and the random number key is transmitted from the
data processing device to an audio or video reproduction device which
generates a second intermediate key in response to the random
number key. A combination of the identifier and the second
intermediate key is transmitted from the reproduction device to the
data processing device. The processing unit (41) also retrieves the
first intermediate key in response to the identifier transmitted from
the reproducing device, and decides whether or not the retrieved first
intermediate key and the second intermediate key are equal to
each other. INDEPENDENT CLAIMS are included for; a system for
processing information;

USE - Processing information on an encryption basis in recording
media storing digital information eg. Audio and video data stored on CD
or DVD.

ADVANTAGE - Enables data processing apparatus to encrypt and
decrypt digital information transmitted between audio/video
reproduction device, and data processor.

DESCRIPTION OF DRAWING(S) - The drawing shows a block diagram of an
information processing system according to a first embodiment of the
invention.

Digital storage medium (11) 

Recording medium drive device (21) 

Data bus (31) 

Data processing apparatus (41) 

Abstract (Basic): EP 718803 A

The method encrypts and decrypts data using an encryption key,
and operates a digital printer (21) to encrypt or decrypt the postage
data using the key. A random number is generated, which is encrypted
at the printer, and transmitted to the meter (11) after encryption.

The random number is decrypted and re-encrypted in such a way
to have a known relationship to the original random number. The
re-encrypted random number is transmitted together with the known
relationship to the printer. The re-encrypted random number is
decrypted with the known relationship and the relationship is verified.
The digital printer is enabled upon verification.

USE/ADVANTAGE - Relates to postage metering system with postage
accounting system remotely located to postage printer. Prints postage
indicia unless digital printer is in electronic communication with
specific vault system.
Abstract (Basic): JP 8305662 A

The system includes a service donor side system which has a key 
management part (18). A service client (6) is connected to a MASC (5). 
When the client performs an access demand, the key management part 
forms an individual key (K) which is then transmitted to an 
authentication part (15). The individual key is also stored in the MASC 
beforehand. A random number generator (20) generates random number 
(R) which is transmitted to MASC and authentication part. 

MASC enciphers the random number with the individual key and 
the first enciphered data is transmitted to the donor side system 
by a transmitting unit. An encipherment part (151) of the 
authentication part enciphers the random number with the individual 
key to obtain second enciphered data. A comparator (152) compares 
the two enciphered data. When they are equal, it is judged that the 
client has performed access demand. 

ADVANTAGE - Produces recognition information used in authentication
dynamically. Prevents surreptitious use by third person. Enables 
service donor to collect price reliably. 
Dwg. 6/14 
Abstract (Basic): US 20040073797 A1

NOVELTY - A task is received from one of the computing devices
(210A-210N), that has encrypted random number and serial number of
physical token related with computing device. A secret cryptographic
key related to token is obtained, and another random number is
generated. The random numbers are decrypted/encrypted with key,
respectively. Another task having encrypted random number is
transmitted to device.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the 
following: 

(1) method of deriving new encryption key for communication 
session; and 

(2) communication system. 

USE - For authenticating computing devices like personal digital 
assistant (PDA), desktop computer in wireless-fidelity (Wi-Fi) network. 

ADVANTAGE - Since authentication and security solution are 
implemented in the access point, the need for additional network 
appliances or server software is eliminated, thereby the cost is 
reduced and less maintenance is required. The secure communication and 
authentication are difficult to hack by an interloper, by using minimal 
number of cryptographic keys. Enables providing unique identification 
of each user, transparent roaming, and positive authentication without 
the use of back-end servers. Reduces the time and cost to deploy 
secured Wi-Fi networks, and simplifies network operation. 

DESCRIPTION OF DRAWING(S) - The figure shows the schematic diagram
of the Wi-Fi communication system.

Wi-Fi network (200) 

wireless access point (220) 

master key (230)

client keys (240A-240N)

access point key (250)
Abstract (Basic): US 20020159598 A1

NOVELTY - An initialization string is exchanged between a sender
and a receiver. An encryption key is generated using data including
initialization string at both sender and receiver. The next block
of data is encrypted into ciphertext by symmetric key encryption
algorithm, and ciphertext is decrypted. A new encryption key is
generated at both sender and receiver by a pseudo random
functional unit.

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is included for
encryption key generation and updating method.

USE - For transmitting block organized data in symmetric key 
encryption system. 

ADVANTAGE - The encryption system is able to discern the 
difference between transmission error and an attempt at intrusion, and 
to take steps accordingly. 

DESCRIPTION OF DRAWING(S) - The figure shows a flowchart explaining
the block organized data transmission method.
Abstract (Basic): WO 9938288 A1

NOVELTY - A new, common encryption key is calculated
independently in the cellular phone (1) and an associated home location
register (HLR) (2), one of which by means of a number-manipulating
algorithm using a shared secret random data (102) and the prestored
encryption key, while the other by means of another
number-manipulating algorithm using an independently calculated random
data and the encryption key.

DETAILED DESCRIPTION - The shared secret random data is
calculated in either the phone or HLR by means of another
number-manipulating algorithm using a random number (101) and the
encryption key. A message including the random number and random
data is transmitted from the phone or HLR, where the random data
are calculated, to the other. The random data is calculated in the
other, independently of the first calculation, by means of another
number-manipulating algorithm using the random number and encryption
key.

USE - For cellular phone network. 

ADVANTAGE - Prevents fraudulent use of cellular phones since the 
new encryption key independently calculated by cellular phone and 
HLR is not transmitted during updating process, thereby eliminating 
possibility of new encryption key being intercepted by 
unauthorized parties during transmission. Does not require transmission 
of updated encryption keys between cellular phone and associated 
central processing facility or HLR for verification. Requires no 
protocol change in existing cellular telephone network. 

DESCRIPTION OF DRAWING(S) - The drawing shows the transmission of
data messages between the HLR and cellular phone which occurs in the
dynamic update process initiated by the HLR.

Random number (101)

Shared secret random data (102) 
01891305 SUPPLIER NUMBER: 17990734 (USE FORMAT 7 OR 9 FOR FULL TEXT)

The DCE security service, (the security protocol in the Open Software
Foundation's Distributed Computing Environment specification) (includes
glossary) (Technology Information)

Gittler, Frederic; Hopkins, Anne C.
Hewlett-Packard Journal, v46, n6, p41(8)
Dec, 1995

ISSN: 0018-1153 LANGUAGE: English RECORD TYPE: Fulltext; Abstract

WORD COUNT: 6029 LINE COUNT: 00487

ABSTRACT: The security services of the Open Software Foundation's
Distributed Computing Environment (DCE) enable the secure transmission of
data between two parties in a DCE-based client/server environment. DCE is a
standard specification for integrated services supporting distributed
applications in heterogeneous client/server computing and network
environments. The DCE security service combines the Kerberos version 5 
encryption and authentication system with other tools to identify and 
authenticate users, enable applications to decide on whether to allow 
access, and secure data communications. The architecture and implementation 
of a DCE security service; the use of a central registry database 
containing the user and account passwords, keys and identifiers; extended 
registry attributes; and security system requirements are discussed. 

SPECIAL FEATURES: illustration; chart 

DESCRIPTORS: Technology Overview; Systems/Data Security Software;
Standard

01690848 SUPPLIER NUMBER: 15562797 (USE FORMAT 7 OR 9 FOR FULL TEXT)

Confidentially speaking, (E-mail security) (Cover Story) 

Stallings, William 

LAN Magazine, v9, n8, p49(4) 

August, 1994 

DOCUMENT TYPE: Cover Story ISSN: 0898-0012 LANGUAGE: ENGLISH 

RECORD TYPE: FULLTEXT; ABSTRACT 

WORD COUNT: 3186 LINE COUNT: 00252 

ABSTRACT: The Internet Engineering Task Force's Privacy Enhanced Mail 
(PEM) security standard has been adopted by a wide variety of E-mail 
applications for platforms such as Unix, DOS and Macintosh. An E-mail 
message that is processed by PEM-enabled applications is converted to a 
canonical form that makes it interoperable among different systems. The 
message is then processed through integrity and authentication schemes. 
The standard uses the RSA public-key encryption algorithm and the MD5 
one-way hash function to create digital signatures. PEM encrypts
messages in the third step. Senders use the data encryption standard
(DES) to create single-use data encryption keys (DEK). DES is a
type of symmetric encryption technology that requires senders and
receivers to know the secret key in order to lock and unlock messages.

SPECIAL FEATURES: illustration; table; chart

DESCRIPTORS: E-Mail; Privacy; Data Integrity; Software Design;
Encryption; Standard
SIC CODES: 4822 Telegraph & other communications 
FILE SEGMENT: CD File 275 
DIALOG(R) File 275: Gale Group Computer DB(TM)
(c) 2004 The Gale Group. All rts. reserv.

01602214 SUPPLIER NUMBER: 13924423 (USE FORMAT 7 OR 9 FOR FULL TEXT)

Cryptography: breaking the code, (an encryption program that uses a
random number generator) (Column) (What's the Code?) (Tutorial)

Stafford, David

Computer Shopper, v13, n7, p558(2)
July, 1993

DOCUMENT TYPE: Tutorial ISSN: 0886-0556 LANGUAGE: ENGLISH 

RECORD TYPE: FULLTEXT; ABSTRACT 

WORD COUNT: 1816 LINE COUNT: 00135 

ABSTRACT: A method of creating a secure encryption code using a
pseudo-random number generator is presented. The resulting encryption is so
secure that it is almost impossible to break it, unless code analyzers know
the encryption algorithm. However, even if the analyzers know the
algorithm, they still have to select among 4,294,967,296 choices to locate
the 32-bit key. The innovation behind the encryption program is to use
the seed that generates random numbers as the key to the encryption
code. The program includes the main() function, which ensures that the
program contains four parameters; the supervisor() function, which opens
files and provides error messages; the cipher() function, which encodes
the input; and the GetRandomNumber() function, which generates
pseudo-random numbers.

SPECIAL FEATURES: illustration; program 

DESCRIPTORS: Encryption; Code Breaking; Cryptography; Pseudo-Random
Number Generation; Program Development Techniques; Tutorial; Data
Security

DIALOG(R) File 647: CMP Computer Fulltext
(c) 2004 CMP Media, LLC. All rts. reserv.

01185073 CMP ACCESSION NUMBER: INW19990215S0047
Maintaining PKI's Sterile Environment

Rutrell Yasin 

INTERNETWEEK, 1999, n 752, PG27 
PUBLICATION DATE: 990215 

JOURNAL CODE: INW LANGUAGE: English 

RECORD TYPE: Fulltext 

SECTION HEADING: Management & Security 
WORD COUNT: 410

...on the Internet. By generating a public/private key pair, a person
or company can encrypt a confidential message using a private key
and send it using a public key. The public key can be opened only by the
intended...

...user can compute a dirty key pair to map an existing signature onto a
new message, substituting one message for another. Users can also
spoof or alter a key agreement scheme by setting a...

...Authority, which binds a person's or company's identity to a digital 
certificate, insert random data into a user's public key to prevent the 
key from being exploited. The CA would then send the clean key with a 
certificate back to the user, who would then compute a new private key 
based on the information inserted by the CA. 



While none of the dirty key exploits. 



21/5,K/6 (Item 1 from file: 233)

DIALOG(R) File 233: Internet & Personal Comp. Abs.
(c) 2003 EBSCO Pub. All rts. reserv.

00501425 98BY07-005

S/MIME: e-mail gets secure This proposed standard protects your
Internet e-mail from eavesdroppers and tampering

Stallings, William

BYTE, July 1, 1998, v23 n7 p41-42, 2 Page(s)
ISSN: 0360-5280 
Languages: English 

Document Type: Articles, News & Columns 
Geographic Location: United States 

Spotlights Secure Multipurpose Internet Mail Extensions (S/MIME).
Defines it as a security enhancement to the MIME Internet-based e-mail
format standard and claims that it is bound to become the industry standard
for commercial use. Notes, however, that it will not replace PGP as the
personal e-mail security standard. Lists, and explains, the four new
content functions of S/MIME: enveloped data, signed data, clear-signed
data, and signed and enveloped data. Says that it provides enhanced
security by randomly generating a new key for every message,
attaching the key to the message when it is sent. Also notes the
relationship between S/MIME and public-key certificates in which the holder
of the key, or user ID, "signs" a transmission to attest to its validity.
Claims that though S/MIME is not so widely implemented at present, all
users will eventually rely on some sort of public-key infrastructure.
Includes one diagram and one table. (kgh)

Descriptors: Security; Standards; Electronic Mail; Internet; 
Messaging; Networks; Privacy 

...clear-signed data, and signed and enveloped data. Says that it
provides enhanced security by randomly generating a new key for every
message, attaching the key to the message when it is sent. Also notes...

21/5,K/17 (Item 3 from file: 647)

DIALOG(R) File 647: CMP Computer Fulltext
(c) 2004 CMP Media, LLC. All rts. reserv.

01076695 CMP ACCESSION NUMBER: EET19951211S0095
V-One raises SmartGate

Brian Santo

ELECTRONIC ENGINEERING TIMES, 1995, n 879, PG106
PUBLICATION DATE: 951211 

JOURNAL CODE: EET LANGUAGE: English 

RECORD TYPE: Fulltext 

SECTION HEADING: The Profession - Interactive Engineering 

WORD COUNT: 553 

TEXT: 

Rockville, Md. - The Virtual Open Network Environment Corp. (V-One)
today will introduce SmartGate, a client/server application that can be
dropped in as a secure gateway on most network servers. SmartGate ensures 
mutual authentication by client and server, thereby providing a higher 
network security than firewalls or other secure-server technologies, the 
company said. 

...s identities and, rather than generate a new public key just for
the session, a new random key is generated. Either the DES or RC4
algorithm is employed.

Secure identification data and encryption...

DIALOG(R) File 647: CMP Computer Fulltext

00607536 CMP ACCESSION NUMBER: NWC19910701S2952

Network Security Seeking Security in the Enterprise-wide Network (Feature 
1) 

Timothy Haight 

NETWORK COMPUTING, 1991, n 207, 50
PUBLICATION DATE: 910701 

JOURNAL CODE: NWC LANGUAGE: English 

RECORD TYPE: Fulltext 

SECTION HEADING: Features 

WORD COUNT: 3374 

TEXT: 

Protecting a mainframe or minicomputer means guarding one big box 
that's locked behind the doors of the "glass house." The computer has only 
one operating system with several effective security features. These 
include extensive audit trails and isolation of the security software from 
the rest of the system. In short, physical access to the computer is 
controlled, and logical access through its ports is guarded by the 
operating system. 

...and potentially weak links abound. Figure 1 shows 15 points in a
network where password protection can be compromised.

Most computer crimes are committed by authorized users. But more
users each...

...of password changes; it can waste your time as you wait for your PC to
encrypt a huge file. Security may mean losing access to a workmate's PC
after hours if his or her disks are password protected. And, if people
only hear about security breaches in the newspapers, they may take the...

...low-cost software-only "sniffers" is posing a new threat. 

Although some LAN operating systems protect passwords by 
encryption or with challenge-response mechanisms (which are discussed 
later), others are vulnerable, as are some... 

...be tapped using the right equipment stuffed in a car that's parked 
behind the receiving dish. 

As the chances to snare a password grow, so does the number of
passwords...

...systems. But until the days of unencrypted and unchanging passwords
end, networks are at risk.

Encryption can foil tapping, and effective systems for encryption
are available. But even this approach has limits. Packets encrypted at a
workstation may have to be decoded at each router for the routing
information...

...a point of clear-text access. Routers may also need to be updated
whenever an encryption key is changed, which is an inconvenience.

Further along the network...workstation on a LAN take control of
another.

While access can be turned off or protected by a password, usually 
lacking are such features as an auditing facility that records repeated... 

...for details) information security managers are following four general 
trends: observing the fundamentals, educating users, encrypting data and 
employing dynamic one-time authentication. 

Observing the fundamentals means setting up and maintaining...

...conduits that set off alarms if penetrated. But a network can quickly
extend beyond the protection of such physical security measures. And
with key information outside the control of operating systems...

...secure operating system has its limits. As a result, security practices
are increasingly turning to encryption.

Effective encryption can combat such security breaches as 
wiretapping or unauthorized file access. The problem is building an 
encryption system that encodes and decodes messages easily for authorized 
users without yielding to unauthorized users... 

...their keys are secret, be secure. An example of such an algorithm is
the Data Encryption Standard (DES) developed by the National Institute
of Standards and Technology (NIST). Products based on...

...What's more, the algorithm is easy to use because it can be built into
encryption programs and then combined with a secret key to produce
effective encryption.

Encryption systems can be symmetric or asymmetric. In a symmetric
system, the sender and receiver use the same algorithm and key. Such a
system requires that all the senders and receivers be trustworthy, and
that they all be able to keep their keys secret. Because someone can break
into an unprotected system and discover the encryption key, it is also
necessary to change the key periodically. Changing the key requires
redistributing...

...of key management hinting at some of its difficulties is that keys
should never be transmitted over the same communications channel as the
material they are used to encrypt.

Key management is easier in an asymmetric encryption system, where
different keys serve for encoding and decoding. In this method, someone
distributes an...

...on the same network have their own private decoding keys and only
distribute their public encryption key. Thus, instead of having one key
that decodes all the messages on the network...

...anybody else. Consequently, only the private keys require secrecy,
which simplifies their management.

Public-key encryption, where every person has his or her own
personal key, also solves the security problem...

...person authorized to make it. With a public key cryptosystem,
authentication happens when the sender encrypts a message twice.
First, the receiver's public key provides the basis for an encryption.
Then the sender's private key encrypts the message again. The
receiver uses his or her private key to decode the sender's public key
encryption, then uses the sender's public key to verify that it
came from the right person. Other methods of authentication distribute an
authentication key and algorithm unrelated to the message encryption
process.

Unfortunately, the inherent contradiction between security and 
communication inhibits the advance of encryption technology. Usually, 
when complicated technologies are evaluated for effectiveness, the methods 
of evaluation are made... 

...have been widely discussed and became de facto standards as a result. 

But examining an encryption system this way could compromise its 
effectiveness. Thus, certain cryptography research has been classified. 
Beyond DES and RSA it is difficult to assess the quality of an encryption 
system either because those who know won't say or those who would say or 



...much of America's computer industry sells overseas, export limits are a 
disincentive to building encryption into general purpose products. 
Security tends to be relegated to special-purpose products, a practice 
that further limits their sales. 

These complex relationships tend to limit the supply of encryption
systems, limit incentive to develop new ones and lead to systems that are
costly making...

...patented, which adds license fees to the costs of products that use it.

Public-key encryption systems also sap substantial computing power, 
limiting encrypted data rates to only a few Kbps of throughput. In 
contrast, private-key systems like DES can encrypt at rates up to 45 
Mbps, with even higher encryption rates expected soon. On the other 
hand, key management with DES is more of a problem. 

For most organizations, an encryption system based on the DES, if
the effort is made to use it properly, will...

...the resources necessary to decode it without being given the key are
very high. But encryption technology is still a work-in-progress. New
algorithms from NIST are expected. But there...

...Fixed passwords, which are subject to tapping and other compromises,
can be also secured by encryption. Methods range from simple private-key
encryption between workstation and server to more complicated methods
such as Kerberos, an authentication system developed...

...Computing environment.

Challenge-response techniques are effective for authentication, in
part because they do not send passwords from the user to the
authenticating computer. Instead, the user sends his or her user name.
The computer has a key for the user, which is used to send a number, some
function of the key and a random number, back to the user. The user,
who also has the key, decodes the number, then...

...end has. When the computer decodes the number sent back by the user
with the second key and sees the original random number, it knows
the user is authentic.

The problem, of course, is that this requires the...